CVE-2025-14858
Received Received - Intake
Information Disclosure in Semtech LR11xx Firmware Validation via SPI

Publication date: 2026-04-07

Last updated on: 2026-04-07

Assigner: Sierra Wireless Inc.

Description
The Semtech LR11xx LoRa transceivers running early versions of firmware contains an information disclosure vulnerability in its firmware validation functionality. When a host issues a firmware validity check command via the SPI interface, the device decrypts the provided encrypted firmware package block-by-block to validate its integrity. However, the last decrypted firmware block remains uncleared in memory after the validation process completes. An attacker with access to the SPI interface can subsequently issue memory read commands to retrieve the decrypted firmware contents from this residual memory, effectively bypassing the firmware encryption protection mechanism. The attack requires physical access to the device's SPI interface.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-07
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14858
EUVD
EUVD-2025-209284
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
semtech lr11xx *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-226 The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in the resource before the product performs a critical state transition or makes the resource available for reuse by other entities.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The vulnerability allows an attacker with physical access to the SPI interface to retrieve decrypted firmware contents from residual memory, effectively bypassing firmware encryption protection. This information disclosure could potentially expose sensitive firmware data.

Such unauthorized disclosure of firmware data may impact compliance with standards and regulations that require protection of sensitive information, such as GDPR and HIPAA, especially if the firmware contains personal data or security-critical code.

However, the vulnerability requires physical access to the device's SPI interface, which may limit the risk depending on the deployment environment and physical security controls.

Impact Analysis

This vulnerability can lead to unauthorized disclosure of the device's firmware. An attacker with physical access to the SPI interface can extract decrypted firmware code, potentially exposing proprietary or sensitive information. This could facilitate reverse engineering, intellectual property theft, or further attacks on the device by understanding its firmware.

Executive Summary

The Semtech LR11xx LoRa transceivers running early firmware versions have an information disclosure vulnerability in their firmware validation process. When the device checks the validity of firmware via the SPI interface, it decrypts the firmware block-by-block. However, after validation, the last decrypted firmware block remains in memory and is not cleared. An attacker with physical access to the SPI interface can read this residual memory to retrieve decrypted firmware contents, bypassing the encryption protection.

Detection Guidance

This vulnerability requires physical access to the device's SPI interface and involves the firmware validation process of Semtech LR11xx LoRa transceivers. Detection would involve checking for unauthorized access or commands issued via the SPI interface that read memory after a firmware validation command.

Since the vulnerability is related to residual decrypted firmware blocks remaining in memory after validation, detection might involve monitoring SPI interface commands for suspicious memory read operations following firmware validation commands.

However, no specific detection commands or network-based detection methods are provided in the available information.

Mitigation Strategies

The vulnerability requires physical access to the SPI interface, so immediate mitigation steps include restricting physical access to the device to trusted personnel only.

Additionally, updating the firmware to a version that addresses this information disclosure vulnerability would be advisable once such an update is available.

No specific mitigation commands or procedures are provided in the available information.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14858. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart